CVE-2014-3667

Published: 16/10/2014 Updated: 13/02/2023
CVSS v2 Base Score: 4 | Impact Score: 2.9 | Exploitability Score: 8
VMScore: 356
Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N

Vulnerability Summary

Jenkins prior to 1.583 and LTS prior to 1.565.3 does not properly prevent downloading of plugins, which allows remote authenticated users with the Overall/READ permission to obtain sensitive information by reading the plugin code.

Vulnerable Product

redhat openshift

jenkins jenkins

Vendor Advisories

Debian Bug report logs - #763899 jenkins: multiple security vulnerabilities. Package: jenkins; Maintainer for jenkins is (unknown); Reported by: Nobuhiro Ban <bannobuhiro@gmail.com>; Date: Fri, 3 Oct 2014 15:03:02 UTC; Severity: grave; Tags: security; Found in version jenkins/1.565.2-2; Fixed in version jenkins/1.565.3-1 Don ...
Jenkins before 1.583 and LTS before 1.565.3 does not properly prevent downloading of plugins, which allows remote authenticated users with the Overall/READ permission to obtain sensitive information by reading the plugin code ...